package com.github.cakin.shiro.chapter3.realm;

import com.github.cakin.shiro.chapter3.permission.BitPermission;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.authz.permission.WildcardPermission;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

/**
 * @className: MyRealm
 * @description: 从Reaml中获取认证数据和权限数据
 * @date: 2020/5/17
 * @author: cakin
 */
public class MyRealm extends AuthorizingRealm {

    /**
     * 功能描述：表示根据用户身份获取授权信息
     *
     * @param principals 用户身份
     * @return AuthorizationInfo 授权信息
     * @author cakin
     * @date 2020/5/17
     * @description: 赋予主体一些权限
     * JdbcRealm 的 doGetAuthorizationInfo 函数调用栈
     * doGetAuthorizationInfo:352, JdbcRealm (org.apache.shiro.realm.jdbc)
     * 都是一样的
     * getAuthorizationInfo:341, AuthorizingRealm (org.apache.shiro.realm)
     * isPermitted:461, AuthorizingRealm (org.apache.shiro.realm)
     * isPermitted:457, AuthorizingRealm (org.apache.shiro.realm)
     * isPermitted:223, ModularRealmAuthorizer (org.apache.shiro.authz)
     * isPermitted:113, AuthorizingSecurityManager (org.apache.shiro.mgt)
     * isPermitted:158, DelegatingSubject (org.apache.shiro.subject.support)
     * testIsPermitted2:73, AuthorizerTest (com.github.cakin.shiro.chapter3)
     *
     * MyRealm 的 doGetAuthorizationInfo 函数调用栈
     * doGetAuthorizationInfo:49, MyRealm (com.github.cakin.shiro.chapter3.realm)
     * 都是一样的
     * getAuthorizationInfo:341, AuthorizingRealm (org.apache.shiro.realm)
     * isPermitted:461, AuthorizingRealm (org.apache.shiro.realm)
     * isPermitted:457, AuthorizingRealm (org.apache.shiro.realm)
     * isPermitted:223, ModularRealmAuthorizer (org.apache.shiro.authz)
     * isPermitted:113, AuthorizingSecurityManager (org.apache.shiro.mgt)
     * isPermitted:158, DelegatingSubject (org.apache.shiro.subject.support)
     * testIsPermitted:48, AuthorizerTest (com.github.cakin.shiro.chapter3)
     *
     *
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection principals ) {
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.addRole("role1");
        authorizationInfo.addRole("role2");
        authorizationInfo.addObjectPermission(new BitPermission("+user1+10"));
        authorizationInfo.addObjectPermission(new WildcardPermission("user1:*"));
        authorizationInfo.addStringPermission("+user2+10");
        authorizationInfo.addStringPermission("user2:*");
        return authorizationInfo;
    }

    /**
     * 功能描述：表示获取身份验证信息
     *
     * @param token token
     * @return AuthenticationInfo 认证信息
     * @author cakin
     * @date 2020/5/17
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken token ) throws AuthenticationException {
        String username = (String) token.getPrincipal();  // 得到用户名
        String password = new String((char[]) token.getCredentials()); // 得到密码
        if (!"cakin".equals(username)) {
            throw new UnknownAccountException(); // 如果用户名错误
        }
        if (!"123456".equals(password)) {
            throw new IncorrectCredentialsException(); // 如果密码错误
        }
        // 如果身份认证验证成功，返回一个AuthenticationInfo实现；
        return new SimpleAuthenticationInfo(username, password, getName());
    }
}
